Avaya Configuring RADIUS Services User manual

Brand: Avaya

Model: Configuring RADIUS Services

Category: Software manuals

Type: User manual

Part No. 116752 Rev. A

May 1997

Router Software Version 11.02

Site Manager Software Version 5.02

Conﬁguring RADIUS

116752 Rev. A

4401 Great America Parkway 8 Federal Street

Santa Clara, CA 95054 Billerica, MA 01821

The information in this document is subject to change without notice. The statements, conﬁgurations, technical data,

and recommendations in this document are believed to be accurate and reliable, but are presented without express or

implied warranty. Users must take full responsibility for their applications of any products speciﬁed in this document.

The information in this document is proprietary to Bay Networks, Inc.

The software described in this document is furnished under a license agreement and may only be used in accordance

with the terms of that license. A summary of the Software License is included in this document.

Restricted Rights Legend

Use, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph

(c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013.

Notice for All Other Executive Agencies

Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computer

software, the rights of the United States Government regarding its use, reproduction, and disclosure are as set forth in

the Commercial Computer Software-Restricted Rights clause at FAR 52.227-19.

Trademarks of Bay Networks, Inc.

ACE, AFN, AN, BCN, BLN, BN, BNX, CN, FN, FRE, GAME, LN, Optivity, PPX, Bay Networks, SynOptics,

SynOptics Communications, Wellﬂeet and the Wellﬂeet logo are registered trademarks and ANH, ARN, ASN,

BaySIS, BayStack, BayStream, BCNX, BLNX, EZ Install, EZ Internetwork, EZ LAN, PathMan, PhonePlus,

Quick2Conﬁg, RouterMan, SPEX, Bay Networks Press, the Bay Networks logo and the SynOptics logo are

trademarks of Bay Networks, Inc.

Third-Party Trademarks

All other trademarks and registered trademarks are the property of their respective owners.

Statement of Conditions

In the interest of improving internal design, operational function, and/or reliability, Bay Networks, Inc. reserves the

right to make changes to the products described in this document without notice.

Bay Networks, Inc. does not assume any liability that may occur due to the use or application of the product(s) or

circuit layout(s) described herein.

reserved. Redistribution and use in source and binary forms of such portions are permitted, provided that the above

and other materials related to such distribution and use acknowledge that such portions of the software were

developed by the University of California, Berkeley. The name of the University may not be used to endorse or

promote products derived from such portions of the software without speciﬁc prior written permission.

SUCH PORTIONS OF THE SOFTWARE ARE PROVIDED “AS IS” AND WITHOUT ANY EXPRESS OR

IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF

MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

In addition, the program and information contained herein are licensed only pursuant to a license agreement that

contains restrictions on use and disclosure (that may incorporate by reference certain limitations and notices imposed

by third parties).

116752 Rev. A iii

Bay Networks Software License

This Software License shall govern the licensing of all software provided to licensee by Bay Networks (“Software”).

Bay Networks will provide licensee with Software in machine-readable form and related documentation

(“Documentation”). The Software provided under this license is proprietary to Bay Networks and to third parties from

whom Bay Networks has acquired license rights. Bay Networks will not grant any Software license whatsoever, either

explicitly or implicitly, except by acceptance of an order for either Software or for a Bay Networks product

(“Equipment”) that is packaged with Software. Each such license is subject to the following restrictions:

1. Upon delivery of the Software, Bay Networks grants to licensee a personal, nontransferable, nonexclusive license

to use the Software with the Equipment with which or for which it was originally acquired, including use at any

of licensee’s facilities to which the Equipment may be transferred, for the useful life of the Equipment unless

earlier terminated by default or cancellation. Use of the Software shall be limited to such Equipment and to such

facility. Software which is licensed for use on hardware not offered by Bay Networks is not subject to restricted

use on any Equipment, however, unless otherwise speciﬁed on the Documentation, each licensed copy of such

Software may only be installed on one hardware item at any time.

2. Licensee may use the Software with backup Equipment only if the Equipment with which or for which it was

acquired is inoperative.

3. Licensee may make a single copy of the Software (but not ﬁrmware) for safekeeping (archives) or backup

purposes.

4. Licensee may modify Software (but not ﬁrmware), or combine it with other software, subject to the provision

that those portions of the resulting software which incorporate Software are subject to the restrictions of this

license. Licensee shall not make the resulting software available for use by any third party.

5. Neither title nor ownership to Software passes to licensee.

6. Licensee shall not provide, or otherwise make available, any Software, in whole or in part, in any form, to any

third party. Third parties do not include consultants, subcontractors, or agents of licensee who have licensee’s

permission to use the Software at licensee’s facility, and who have agreed in writing to use the Software only in

accordance with the restrictions of this license.

7. Third-party owners from whom Bay Networks has acquired license rights to software that is incorporated into

Bay Networks products shall have the right to enforce the provisions of this license against licensee.

8. Licensee shall not remove or obscure any copyright, patent, trademark, trade secret, or similar intellectual

property or restricted rights notice within or afﬁxed to any Software and shall reproduce and afﬁx such notice on

any backup copy of Software or copies of software resulting from modiﬁcation or combination performed by

licensee as permitted by this license.

Note:

This is Bay Networks basic license document. In the absence of a

software license agreement specifying varying terms, this license -- or the

license included with the particular product -- shall govern licensee’s use of

Bay Networks software.

iv 116752 Rev. A

Bay Networks Software License

(continued)

9. Licensee shall not reverse assemble, reverse compile, or in any way reverse engineer the Software. [Note:

For

licensees in the European Community, the Software Directive dated 14 May 1991 (as may be amended from time

to time) shall apply for interoperability purposes. Licensee must notify Bay Networks in writing of any such

intended examination of the Software and Bay Networks may provide review and assistance.]

10. Notwithstanding any foregoing terms to the contrary, if licensee licenses the Bay Networks product “Site

Manager,” licensee may duplicate and install the Site Manager product as speciﬁed in the Documentation. This

right is granted solely as necessary for use of Site Manager on hardware installed with licensee’s network.

11. This license will automatically terminate upon improper handling of Software, such as by disclosure, or Bay

Networks may terminate this license by written notice to licensee if licensee fails to comply with any of the

material provisions of this license and fails to cure such failure within thirty (30) days after the receipt of written

notice from Bay Networks. Upon termination of this license, licensee shall discontinue all use of the Software

and return the Software and Documentation, including all copies, to Bay Networks.

12. Licensee’s obligations under this license shall survive expiration or termination of this license.

116752 Rev. A

Contents

About This Guide

Before You Begin .............................................................................................................xiii

Conventions .....................................................................................................................xiv

Acronyms ......................................................................................................................... xv

Ordering Bay Networks Publications ............................................................................... xv

Bay Networks Customer Service .....................................................................................xvi

How to Get Help ..............................................................................................................xvi

For More Information ......................................................................................................xvii

Chapter 1

Starting RADIUS

How to Use This Manual .................................................................................................1-1

Before You Begin ............................................................................................................1-2

Enabling RADIUS ...........................................................................................................1-3

Specifying the Client’s IP Address ...........................................................................1-8

Specifying the Primary Server’s IP Address ............................................................1-9

Selecting a Protocol for RADIUS Authentication ....................................................1-11

Chapter 2

RADIUS Overview

How RADIUS Works .......................................................................................................2-1

Bay Networks RADIUS Implementation .........................................................................2-2

RADIUS Authentication ............................................................................................2-3

Using PPP for Dial-up Connections ...................................................................2-3

Using IP and IPX Unnumbered Protocols for PPP Connections .......................2-4

Conﬁguring the Remote User to Work with the RADIUS Client .........................2-5

RADIUS Accounting .................................................................................................2-6

Using PPP for Dial-up Connections ...................................................................2-6

Conﬁguring a Dial Service for RADIUS Accounting ..........................................2-6

Using RADIUS-Compatible Servers with the RADIUS Client ..................................2-7

116752 Rev. A

Accepting Remote Users’ IP Addresses ..................................................................2-7

For More Information ......................................................................................................2-8

Chapter 3

Customizing the RADIUS Client Conﬁguration

Modifying the Client’s IP Address ...................................................................................3-1

Modifying Service from Authentication to Accounting ....................................................3-2

Modifying the Protocol for RADIUS Authentication .........................................................3-3

Modifying the PPP Authentication Protocol ....................................................................3-6

Removing RADIUS Authentication and Accounting .......................................................3-8

Chapter 4

Customizing the RADIUS Server Conﬁguration

Modifying the Primary Server’s Password ......................................................................4-1

Modifying the Server Mode .............................................................................................4-3

Authentication and Accounting UDP Ports .....................................................................4-3

Modifying the Server Response Time .............................................................................4-4

Modifying the Number of Client Requests to the Server ................................................4-4

Conﬁguring Alternate Servers ........................................................................................4-5

Reconnecting to the Primary Server ..............................................................................4-7

Changing the Primary and Alternate Servers .................................................................4-7

Removing a Server Entry ...............................................................................................4-8

Appendix A

RADIUS Parameters

Client IP Address Parameter ......................................................................................... A-1

Server Conﬁguration Parameters .................................................................................. A-2

Protocol Parameters for RADIUS Authentication ........................................................... A-5

Appendix B

RADIUS Parameter Defaults

Appendix C

Conﬁguration Examples

Conﬁguring RADIUS Authentication ..............................................................................C-2

Before You Begin .....................................................................................................C-2

Enable RADIUS Authentication ...............................................................................C-3

Select IP ..................................................................................................................C-4

116752 Rev. A

vii

Conﬁguring RADIUS Accounting ...................................................................................C-5

Before You Begin .....................................................................................................C-6

Create a Backup Pool .............................................................................................C-6

Create a Dial Backup Circuit ...................................................................................C-7

Enable RADIUS Accounting ....................................................................................C-8

Conﬁguring RADIUS Accounting and Authentication ....................................................C-9

Before You Begin ...................................................................................................C-10

Enable Dial Backup Service ..................................................................................C-10

Enable RADIUS Accounting and Authentication ...................................................C-10

Select IP for RADIUS Authentication ..............................................................C-11

Index

116752 Rev. A

Figures

Figure 1-1. Conﬁguration Manager Window ...............................................................1-3

Figure 1-2. RADIUS Client Conﬁguration Window .....................................................1-4

Figure 1-3. RADIUS Menu .........................................................................................1-4

Figure 1-4. Choose WAN Serial Interface Type Window ............................................1-5

Figure 1-5. Sync Line Media Type Window ................................................................1-6

Figure 1-6. Async Line Media Type Window ...............................................................1-6

Figure 1-7. ISDN Switch Conﬁguration Window .........................................................1-7

Figure 1-8. ISDN Logical Lines Window .....................................................................1-7

Figure 1-9. Primary Server Address Window .............................................................1-9

Figure 1-10. RADIUS Server Conﬁguration Window ..................................................1-10

Figure 1-11. RADIUS Dial_In Slot Window ................................................................1-11

Figure 1-12. RADIUS Dial_In Protocol Window .........................................................1-12

Figure 1-13. Dial Optimized Routing Query Window ..................................................1-12

Figure 2-1. Sample Network Using RADIUS ..............................................................2-2

Figure 3-1. RADIUS Client Conﬁguration Window .....................................................3-1

Figure 3-2. RADIUS Dial_In Slot Window ..................................................................3-3

Figure 3-3. RADIUS Dial_In Protocol Window ...........................................................3-4

Figure 3-4. Dial Optimized Routing Query Window ....................................................3-4

Figure 3-5. PPP Interface List Window .......................................................................3-6

Figure 3-6. PPP Line Lists Window ............................................................................3-7

Figure 4-1. RADIUS Server Conﬁguration Window ....................................................4-2

Figure 4-2. RADIUS Server Conﬁguration Window ....................................................4-5

Figure 4-3. Alternate Server Address Window ...........................................................4-6

Figure C-1. Sample Network Using RADIUS Authentication .....................................C-2

Figure C-2. Sample Network Using RADIUS Accounting ..........................................C-5

Figure C-3. Sample Network Conﬁgured for Dialing an Alternate Site ......................C-9

116752 Rev. A

Tables

Table B-1. RADIUS Parameter Defaults ................................................................... B-1

116752 Rev. A

xiii

About This Guide

If you are responsible for conﬁguring Remote Authentication Dial-In User

Service (RADIUS) software, read this manual.

Before You Begin

Before using this manual, complete the following tasks. For a new router:

• Install the router (refer to the installation manual that came with your router).

• Connect the router to the network and create a pilot conﬁguration ﬁle (refer to

Quick-Starting Routers

Connecting AN and ANH Systems to a Network

, or

Connecting ASN Routers to a Network)

Make sure that your router is running the latest version of the Bay Networks Site

Manager and router software. For instructions, refer to

Upgrading Routers from

Version 7–10.xx to Version 11.0

If you want to Go to

Start RADIUS on a router using the parameter defaults Chapter 1

Learn about RADIUS and the Bay Networks

implementation of

RADIUS

Chapter 2

Change parameter defaults for the RADIUS client conﬁguration Chapter 3

Change parameter defaults for the RADIUS server conﬁguration Chapter 4

Obtain information about RADIUS parameters (this is the same

information you obtain using Site Manager online Help)

Appendix A

Quickly obtain the default value of a RADIUS parameter Appendix B

See RADIUS conﬁguration examples Appendix C

Configuring RADIUS

xiv

116752 Rev. A

Conventions

bold text

Indicates text that you need to enter, command names,

and buttons in menu paths.

Example: Enter

wfsm &

Example: Use the

dinfo

command.

Example: ATM DXI > Interfaces >

PVCs

identiﬁes the

PVCs button in the window that appears when you

select the Interfaces option from the ATM DXI menu.

italic text

Indicates variable values in command syntax

descriptions, new terms, ﬁle and directory names, and

book titles.

quotation marks (“ ”) Indicate the title of a chapter or section within a book.

screen text

Indicates data that appears on the screen.

Example:

Set Bay Networks Trap Monitor Filters

separator ( > ) Separates menu and option names in instructions and

internal pin-to-pin wire connections.

Example: Protocols > AppleTalk identiﬁes the

AppleTalk option in the Protocols menu.

Example: Pin 7 > 19 > 20

vertical line (

) Indicates that you enter only one of the parts of the

command. The vertical line separates choices. Do not

type the vertical line when entering the command.

Example: If the command syntax is

show at routes

nets

you enter either

show at routes

show at nets

, but not both.

About This Guide

116752 Rev. A

Acronyms

CHAP Challenge Handshake Authentication Protocol

IP Internet Protocol

IPX Internet Packet Exchange

IPXWAN Internet Packet Exchange Wide Area Network

ISDN Integrated Services Digital Network

ISP Internet service provider

ITU-T International Telecommunication Union–Telecommunications

(formerly CCITT)

LAN local area network

OSPF Open Shortest Path First (protocol)

PAP Password Authentication Protocol

POTS plain old telephone service

PPP Point-to-Point Protocol

RADIUS Remote Authentication Dial-In User Service

RIP Routing Information Protocol

SAP Service Advertising Protocol

TCP/IP Transmission Control Protocol/Internet Protocol

UDP User Datagram Protocol

WAN wide area network

Ordering Bay Networks Publications

To purchase additional copies of this document or other Bay Networks

publications, order by part number from Bay Networks Press

™

at the following

numbers:

• Phone--U.S./Canada: 1-888-422-9773

• Phone--International: 1-510-490-4752

• FAX--U.S./Canada and International: 1-510-498-2609

Configuring RADIUS

xvi

116752 Rev. A

Bay Networks Customer Service

You can purchase a support contract from your Bay Networks distributor or

authorized reseller, or directly from Bay Networks Services. For information

about, or to purchase a Bay Networks service contract, either call your local Bay

Networks ﬁeld sales ofﬁce or one of the following numbers:

How to Get Help

If you purchased a service contract for your Bay Networks product from a

distributor or authorized reseller, contact the technical support staff for that

distributor or reseller for assistance.

If you purchased a Bay Networks service program, call one of the following Bay

Networks Technical Solutions Centers:

Region Telephone number Fax number

United States and

Canada

1-800-2LANWAN; then enter Express

Routing Code (ERC) 290, when prompted,

to purchase or renew a service contract

1-508-436-8880 (direct)

1-508-670-8766

Europe 33-4-92-96-69-66 33-4-92-96-69-96

Asia/Paciﬁc 61-2-9927-8888 61-2-9927-8899

Latin America 561-988-7661 561-988-7550

Technical Solutions Center Telephone number Fax number

Billerica, MA 1-800-2LANWAN 508-670-8765

Santa Clara, CA 1-800-2LANWAN 408-495-1188

Valbonne, France 33-4-92-96-69-68 33-4-92-96-69-98

Sydney, Australia 61-2-9927-8800 61-2-9927-8811

Tokyo, Japan 81-3-5402-0180 81-3-5402-0173

About This Guide

116752 Rev. A

xvii

For More Information

For information about Bay Networks and its products, visit the Bay Networks

World Wide Web (WWW) site at http://www.baynetworks.com. To learn more

about Bay Networks Customer Service, select Customer Service on the opening

Web page.

116752 Rev. A

1-1

Chapter 1

Starting RADIUS

Remote Authentication Dial-In User Service (RADIUS) deﬁnes a method of

centralizing authentication and accounting information for networks with many

remote dial-in users. By placing authentication and accounting functions in one

central location, you can improve security and better manage large networks.

In a network using RADIUS, the router is the RADIUS client. The client is the

connection point between remote users and a RADIUS server. The server has the

information that it needs to identify remote users and to keep accounting

information for each call.

How to Use This Manual

Understanding how this manual is organized should make it more useful to you.

The manual is organized as follows:

• Star

ting RADIUS

Begin by reading this chapter, which explains how to enable RADIUS on your

router using a basic conﬁguration, that is, a conﬁguration that uses all of the

available parameter defaults.

• RADIUS overview

Provides information about RADIUS authentication and accounting and the

Bay Networks implementation of these services. This information is in

Chapter 2.

• Instructions for modifying the default conﬁguration introduced in Cha

pter 1

These instructions are in Chapters 3 and 4. Most of the instructions assume

that you have read Cha

pter 1 and explain how to modify the default

conﬁguration.

Configuring RADIUS

1-2

116752 Rev. A

The steps that instruct you to set a parameter value are followed by a box that

includes the Site Manager parameter and the location of the parameter

description in Appendix A. To read more about the parameter before setting a

value, refer to the speciﬁed page. You can also read these parameter

descriptions by clicking on Help in the Site Manager windows.

• Parameter descriptions, parameter default tables, and conﬁguration examples

This information is in Appendixes A through C.

Before You Begin

Before you enable RADIUS, do the following:

Create and save a conﬁguration ﬁle that has at least one wide area network

(WAN) interface.

Retrieve the conﬁguration ﬁle in local, remote, or dynamic mode.

Specify the router hardware if this is a local-mode conﬁguration.

Conﬁgure the physical interface for any ISDN lines that you will use for

RADIUS.

Refer to

Conﬁguring Dial Services

to learn how to conﬁgure ISDN lines.

Conﬁgure one or more dial services so the RADIUS client can accept calls

from the remote user (RADIUS accounting only).

Conﬁgure dial-on-demand, dial backup, or bandwidth-on-demand service to

operate with RADIUS accounting. Refer to

Conﬁguring Dial Services

for

instructions. Once you enable RADIUS authentication, the RADIUS client

automatically conﬁgures a dial connection; therefore, you are not required to

conﬁgure a dial service.

Enable dial optimized routing on the remote routers (RADIUS authentication

only).

Dial optimized routing prevents Routing Information Protocol (RIP) updates

or Service Advertising Protocol (SAP) updates from keeping a line active

unnecessarily, thereby reducing the line costs. Enabling this feature improves

the operation of RADIUS authentication.

Page is loading ...

Avaya Configuring RADIUS Services User manual

Brand: Avaya

Model: Configuring RADIUS Services

Category: Software manuals

Type: User manual

Download PDF

report

Avaya Configuring RADIUS Services User manual

Avaya Configuring RADIUS Services User manual

Related papers

Other documents